diff --git a/auth-routes/loginUser.mjs b/auth-routes/loginUser.mjs
new file mode 100644
index 0000000..bd03458
--- /dev/null
+++ b/auth-routes/loginUser.mjs
@@ -0,0 +1,52 @@
+import jwt from "jsonwebtoken";
+import passport from "passport";
+import jwtSecret from "../config/jwtConfig";
+import { db } from "../db.mjs";
+import logger from "../logger.mjs";
+
+module.exports = (app) => {
+ app.post("/loginUser", (req, res, next) => {
+ passport.authenticate("login", (err, users, info) => {
+ if (err) {
+ logger.error(`error ${err}`);
+ }
+ if (info !== undefined) {
+ logger.error(info.message);
+ if (info.message === "bad username") {
+ res.status(401).send(info.message);
+ } else {
+ res.status(403).send(info.message);
+ }
+ } else {
+ req.logIn(users, async () => {
+ let user = await db("users")
+ .select("*")
+ .where({ username: req.body.username });
+ user = user[0];
+ const token = jwt.sign({ id: user.id }, jwtSecret.secret, {
+ expiresIn: 60 * 60,
+ });
+ res.status(200).send({
+ auth: true,
+ token,
+ message: "user found & logged in",
+ });
+ // User.findOne({
+ // where: {
+ // username: req.body.username,
+ // },
+ // }).then((user) => {
+ // const token = jwt.sign({ id: user.id }, jwtSecret.secret, {
+ // expiresIn: 60 * 60,
+ // });
+ // res.status(200).send({
+ // auth: true,
+ // token,
+ // message: "user found & logged in",
+ // });
+ // });
+ });
+ }
+ })(req, res, next);
+ });
+};
diff --git a/config/passport.mjs b/config/passport.mjs
index cb83ff2..a8826fd 100644
--- a/config/passport.mjs
+++ b/config/passport.mjs
@@ -1,7 +1,8 @@
 import bcrypt from "bcrypt";
 import jwtSecret from "./jwtConfig";
- const BCRYPT_SALT_ROUNDS = 12;
+import { db } from "../db.mjs";
+import logger from "../logger.mjs";
 const passport = require("passport");
 const LocalStrategy = require("passport-local").Strategy;
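Review bot: `module.exports = (app) => {` cannot run in this file: it is an ES module (`.mjs` with `import` statements), where `module` is not defined, so the route file throws at load time and should use `export default (app) => { … }`. The authenticate callback also falls through on `err`: it logs and then continues into the `else` branch with `users` undefined instead of `return next(err);`, and the `req.logIn` callback ignores its error argument and awaits the db call without a try/catch, so a rejected query leaves the request with no response. The second lookup by `req.body.username` is redundant — `users` returned by the strategy is already the authenticated row — and `user = user[0]` reads `user.id` without checking that a row came back. Finally, answering 401 for `bad username` and 403 for a wrong password lets a caller tell valid usernames from invalid ones; a single status and generic message for both failures avoids that enumeration.
```javascript
export default (app) => {
  app.post("/loginUser", (req, res, next) => {
    passport.authenticate("login", (err, user, info) => {
      if (err) {
        logger.error(`error ${err}`);
        return next(err);
      }
      if (info !== undefined) {
        // … unchanged: logging and 401/403 responses …
        return;
      }
      req.logIn(user, (loginErr) => {
        if (loginErr) return next(loginErr);
        const token = jwt.sign({ id: user.id }, jwtSecret.secret, {
          expiresIn: 60 * 60,
        });
        res.status(200).send({
          auth: true,
          token,
          message: "user found & logged in",
        });
      });
    })(req, res, next);
  });
};
```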
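Review bot: This hunk removes `const BCRYPT_SALT_ROUNDS = 12;` while the register strategy in the next hunk still calls `bcrypt.hash(password, BCRYPT_SALT_ROUNDS)`; unless the constant is defined somewhere else in the file, that call throws a ReferenceError which the surrounding catch turns into `done(err)`, so every registration fails. Either keep the line or move it next to the new imports, e.g. `const BCRYPT_SALT_ROUNDS = 12;` directly after `import logger from "../logger.mjs";`.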
@@ -18,35 +19,49 @@ passport.use(
 passReqToCallback: true,
 session: false,
 },
- (req, username, password, done) => {
+ async (req, username, password, done) => {
 try {
- User.findOne({
- where: {
- [Op.or]: [
- {
- username,
- },
- { email: req.body.email },
- ],
- },
- }).then((user) => {
- if (user != null) {
- console.log("username or email already taken");
- return done(null, false, {
- message: "username or email already taken",
- });
- }
- bcrypt.hash(password, BCRYPT_SALT_ROUNDS).then((hashedPassword) => {
- User.create({
- username,
- password: hashedPassword,
- email: req.body.email,
- }).then((user) => {
- console.log("user created");
- return done(null, user);
- });
- });
+ let user = await db("users").where({ username }).select("*");
+ if (user.length > 0) {
+ logger.warn("username already taken");
+ return done(null, false, { message: "username already taken" });
+ }
+ user = user[0];
+ const hashedPwd = await bcrypt.hash(password, BCRYPT_SALT_ROUNDS);
+ const userCreated = await db("users").insert({
+ username,
+ password: hashedPwd,
 });
+ logger.info(`user ${username} created`);
+ return done(null, userCreated);
+
+ // User.findOne({
+ // where: {
+ // [Op.or]: [
+ // {
+ // username,
+ // },
+ // { email: req.body.email },
+ // ],
+ // },
+ // }).then((user) => {
+ // if (user != null) {
+ // console.log("username or email already taken");
+ // return done(null, false, {
+ // message: "username or email already taken",
+ // });
+ // }
+ // bcrypt.hash(password, BCRYPT_SALT_ROUNDS).then((hashedPassword) => {
+ // User.create({
+ // username,
+ // password: hashedPassword,
+ // email: req.body.email,
+ // }).then((user) => {
+ // console.log("user created");
+ // return done(null, user);
+ // });
+ // });
+ // });
 } catch (err) {
 return done(err);
 }
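Review bot: `user = user[0];` after the `user.length > 0` guard is a dead assignment — at that point `user` is an empty array, so the line only sets `user` to undefined and nothing reads it afterwards; drop it. The select-then-insert pair is also a check-then-act race: two concurrent registrations with the same name can both pass the length check, so uniqueness needs to be enforced by a unique constraint on the username column, with the insert's duplicate-key error mapped to the same `username already taken` result. Whether `done(null, userCreated)` hands the caller a user object depends on what `db("users").insert` resolves to; with most query builders that is an array of inserted ids rather than the row, so the consumer of this strategy may need a follow-up select. The enclosing `passport.use(` call starts above this hunk.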
@@ -62,31 +77,51 @@ passport.use(
 passwordField: "password",
 session: false,
 },
- (username, password, done) => {
+ async (username, password, done) => {
 try {
- User.findOne({
- where: {
- username,
- },
- }).then((user) => {
- if (user === null) {
- return done(null, false, { message: "bad username" });
- }
- bcrypt.compare(password, user.password).then((response) => {
- if (response !== true) {
- console.log("passwords do not match");
- return done(null, false, { message: "passwords do not match" });
- }
- console.log("user found & authenticated");
- return done(null, user);
- });
- });
+ const user = db("users").select("*").where({ username });
+
+ if (user.length === 0) {
+ logger.info(`username ${username} does not exist`);
+ return done(null, false, { message: "bad username" });
+ }
+ user = user[0];
+ const pwdMatch = await bcrypt.compare(password, user.password);
+ if (pwdMatch !== true) {
+ logger.info(`passwords do not match`);
+ return done(null, false, { message: "passwords do not match" });
+ }
+ logger.info(`password found and authenticated`);
+ return done(null, user);
 } catch (err) {
 done(err);
 }
 },
 ),
 );
+// User.findOne({
+// where: {
+// username,
+// },
+// }).then((user) => {
+// if (user === null) {
+// return done(null, false, { message: "bad username" });
+// }
+// bcrypt.compare(password, user.password).then((response) => {
+// if (response !== true) {
+// console.log("passwords do not match");
+// return done(null, false, { message: "passwords do not match" });
+// }
+// console.log("user found & authenticated");
+// return done(null, user);
+// });
+// });
+// } catch (err) {
+// done(err);
+// }
+// },
+// ),
+// );
 const opts = {
 jwtFromRequest: ExtractJWT.fromAuthHeaderWithScheme("JWT"),
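Review bot: `const user = db("users").select("*").where({ username });` is missing `await`, so `user` is the pending query rather than the result array: `user.length === 0` is false for every username, and the following `user = user[0];` then throws because `user` is a `const`, which the catch turns into `done(err)` — no login can succeed through this strategy as written. Change the declaration to `let user = await db("users").select("*").where({ username });`. The log line `password found and authenticated` also misstates what happened; `user ${username} authenticated` would be accurate. Note that the unknown-username branch returns before any bcrypt compare and with a distinct message, so both timing and message reveal which usernames exist; the consuming route should at least present one generic failure to the client. The enclosing `passport.use(` call starts above this hunk.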
@@ -95,23 +130,37 @@ const opts = {
 passport.use(
 "jwt",
- new JWTstrategy(opts, (jwt_payload, done) => {
+ new JWTstrategy(opts, async (jwt_payload, done) => {
 try {
- User.findOne({
- where: {
- id: jwt_payload.id,
- },
- }).then((user) => {
- if (user) {
- console.log("user found in db in passport");
- done(null, user);
- } else {
- console.log("user not found in db");
- done(null, false);
- }
- });
+ let user = await db("users").select("*").where({ id: jwt_payload.id });
+ if (user.length === 1) {
+ logger.info("user found");
+ done(null, user[0]);
+ } else {
+ logger.info("user not found");
+ done(null, false);
+ }
 } catch (err) {
 done(err);
 }
 }),
 );
+
+// User.findOne({
+// where: {
+// id: jwt_payload.id,
+// },
+// }).then((user) => {
+// if (user) {
+// console.log("user found in db in passport");
+// done(null, user);
+// } else {
+// console.log("user not found in db");
+// done(null, false);
+// }
+// });
+// } catch (err) {
+// done(err);
+// }
+// }),
+// );
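Review bot: `where({ id: jwt_payload.id })` runs without checking that the verified payload actually carries an `id`; a token whose payload lacks it produces `{ id: undefined }`, which — depending on the query builder — either throws into the catch or matches nothing, so a guard such as `if (jwt_payload?.id == null) return done(null, false);` before the query makes the rejection explicit. `let user` is never reassigned here and can be `const user`. The commented-out `User.findOne` block appended after `);` (and the one after the login strategy in the previous hunk) is dead code at module level; git history already preserves it, so it should be deleted rather than committed.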